<!doctype html>

<html>
<head>
  <link rel="shortcut icon" href="static/images/favicon.ico" type="image/x-icon">
  <title>legacyconversions.js (Closure Library API Documentation - JavaScript)</title>
  <link rel="stylesheet" href="static/css/base.css">
  <link rel="stylesheet" href="static/css/doc.css">
  <link rel="stylesheet" href="static/css/sidetree.css">
  <link rel="stylesheet" href="static/css/prettify.css">

  <script>
     var _staticFilePath = "static/";
     var _typeTreeName = "goog";
     var _fileTreeName = "Source";
  </script>

  <script src="static/js/doc.js">
  </script>


  <meta charset="utf8">
</head>

<body onload="grokdoc.onLoad();">

<div id="header">
  <div class="g-section g-tpl-50-50 g-split">
    <div class="g-unit g-first">
      <a id="logo" href="index.html">Closure Library API Documentation</a>
    </div>

    <div class="g-unit">
      <div class="g-c">
        <strong>Go to class or file:</strong>
        <input type="text" id="ac">
      </div>
    </div>
  </div>
</div>

<div class="clear"></div>

<h2><a href="local_closure_goog_html_legacyconversions.js.html">legacyconversions.js</a></h2>

<pre class="prettyprint lang-js">
<a name="line1"></a>// Copyright 2013 The Closure Library Authors. All Rights Reserved.
<a name="line2"></a>//
<a name="line3"></a>// Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
<a name="line4"></a>// you may not use this file except in compliance with the License.
<a name="line5"></a>// You may obtain a copy of the License at
<a name="line6"></a>//
<a name="line7"></a>//      http://www.apache.org/licenses/LICENSE-2.0
<a name="line8"></a>//
<a name="line9"></a>// Unless required by applicable law or agreed to in writing, software
<a name="line10"></a>// distributed under the License is distributed on an &quot;AS-IS&quot; BASIS,
<a name="line11"></a>// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<a name="line12"></a>// See the License for the specific language governing permissions and
<a name="line13"></a>// limitations under the License.
<a name="line14"></a>
<a name="line15"></a>/**
<a name="line16"></a> * @fileoverview Conversions from plain string to goog.html types for use in
<a name="line17"></a> * legacy APIs that do not use goog.html types.
<a name="line18"></a> *
<a name="line19"></a> * This file provides conversions to create values of goog.html types from plain
<a name="line20"></a> * strings.  These conversions are intended for use in legacy APIs that consume
<a name="line21"></a> * HTML in the form of plain string types, but whose implementations use
<a name="line22"></a> * goog.html types internally (and expose such types in an augmented, HTML-type-
<a name="line23"></a> * safe API).
<a name="line24"></a> *
<a name="line25"></a> * IMPORTANT: No new code should use the conversion functions in this file.
<a name="line26"></a> *
<a name="line27"></a> * The conversion functions in this file are guarded with global flag
<a name="line28"></a> * (goog.html.legacyconversions.ALLOW_LEGACY_CONVERSIONS). If set to false, it
<a name="line29"></a> * effectively &quot;locks in&quot; an entire application to only use HTML-type-safe APIs.
<a name="line30"></a> *
<a name="line31"></a> * Intended use of the functions in this file are as follows:
<a name="line32"></a> *
<a name="line33"></a> * Many Closure and application-specific classes expose methods that consume
<a name="line34"></a> * values that in the class&#39; implementation are forwarded to DOM APIs that can
<a name="line35"></a> * result in security vulnerabilities.  For example, goog.ui.Dialog&#39;s setContent
<a name="line36"></a> * method consumes a string that is assigned to an element&#39;s innerHTML property;
<a name="line37"></a> * if this string contains untrusted (attacker-controlled) data, this can result
<a name="line38"></a> * in a cross-site-scripting vulnerability.
<a name="line39"></a> *
<a name="line40"></a> * Widgets such as goog.ui.Dialog are being augmented to expose safe APIs
<a name="line41"></a> * expressed in terms of goog.html types.  For instance, goog.ui.Dialog has a
<a name="line42"></a> * method setSafeHtmlContent that consumes an object of type goog.html.SafeHtml,
<a name="line43"></a> * a type whose contract guarantees that its value is safe to use in HTML
<a name="line44"></a> * context, i.e. can be safely assigned to .innerHTML. An application that only
<a name="line45"></a> * uses this API is forced to only supply values of this type, i.e. values that
<a name="line46"></a> * are safe.
<a name="line47"></a> *
<a name="line48"></a> * However, the legacy method setContent cannot (for the time being) be removed
<a name="line49"></a> * from goog.ui.Dialog, due to a large number of existing callers.  The
<a name="line50"></a> * implementation of goog.ui.Dialog has been refactored to use
<a name="line51"></a> * goog.html.SafeHtml throughout.  This in turn requires that the value consumed
<a name="line52"></a> * by its setContent method is converted to goog.html.SafeHtml in an unchecked
<a name="line53"></a> * conversion. The conversion function is provided by this file:
<a name="line54"></a> * goog.html.legacyconversions.safeHtmlFromString.
<a name="line55"></a> *
<a name="line56"></a> * Note that the semantics of the conversions in goog.html.legacyconversions are
<a name="line57"></a> * very different from the ones provided by goog.html.uncheckedconversions:  The
<a name="line58"></a> * latter are for use in code where it has been established through manual
<a name="line59"></a> * security review that the value produced by a piece of code must always
<a name="line60"></a> * satisfy the SafeHtml contract (e.g., the output of a secure HTML sanitizer).
<a name="line61"></a> * In uses of goog.html.legacyconversions, this guarantee is not given -- the
<a name="line62"></a> * value in question originates in unreviewed legacy code and there is no
<a name="line63"></a> * guarantee that it satisfies the SafeHtml contract.
<a name="line64"></a> *
<a name="line65"></a> * To establish correctness with confidence, application code should be
<a name="line66"></a> * refactored to use SafeHtml instead of plain string to represent HTML markup,
<a name="line67"></a> * and to use goog.html-typed APIs (e.g., goog.ui.Dialog#setSafeHtmlContent
<a name="line68"></a> * instead of goog.ui.Dialog#setContent).
<a name="line69"></a> *
<a name="line70"></a> * To prevent introduction of new vulnerabilities, application owners can
<a name="line71"></a> * effectively disable unsafe legacy APIs by compiling with the define
<a name="line72"></a> * goog.html.legacyconversions.ALLOW_LEGACY_CONVERSIONS set to false.  When
<a name="line73"></a> * set, this define causes the conversion methods in this file to
<a name="line74"></a> * unconditionally throw an exception.
<a name="line75"></a> *
<a name="line76"></a> * Note that new code should always be compiled with
<a name="line77"></a> * ALLOW_LEGACY_CONVERSIONS=false.  At some future point, the default for this
<a name="line78"></a> * define may change to false.
<a name="line79"></a> */
<a name="line80"></a>
<a name="line81"></a>
<a name="line82"></a>goog.provide(&#39;goog.html.legacyconversions&#39;);
<a name="line83"></a>
<a name="line84"></a>goog.require(&#39;goog.html.SafeHtml&#39;);
<a name="line85"></a>goog.require(&#39;goog.html.SafeUrl&#39;);
<a name="line86"></a>goog.require(&#39;goog.html.TrustedResourceUrl&#39;);
<a name="line87"></a>
<a name="line88"></a>
<a name="line89"></a>/**
<a name="line90"></a> * @define {boolean} Whether conversion from string to goog.html types for
<a name="line91"></a> * legacy API purposes is permitted.
<a name="line92"></a> *
<a name="line93"></a> * If false, the conversion functions in this file unconditionally throw an
<a name="line94"></a> * exception.
<a name="line95"></a> */
<a name="line96"></a>goog.define(&#39;goog.html.legacyconversions.ALLOW_LEGACY_CONVERSIONS&#39;, true);
<a name="line97"></a>
<a name="line98"></a>
<a name="line99"></a>/**
<a name="line100"></a> * Performs an &quot;unchecked conversion&quot; from string to SafeHtml for legacy API
<a name="line101"></a> * purposes.
<a name="line102"></a> *
<a name="line103"></a> * Unchecked conversion will not proceed if ALLOW_LEGACY_CONVERSIONS is false,
<a name="line104"></a> * and instead this function unconditionally throws an exception.
<a name="line105"></a> *
<a name="line106"></a> * @param {string} html A string to be converted to SafeHtml.
<a name="line107"></a> * @return {!goog.html.SafeHtml} The value of html, wrapped in a SafeHtml
<a name="line108"></a> *     object.
<a name="line109"></a> */
<a name="line110"></a>goog.html.legacyconversions.safeHtmlFromString = function(html) {
<a name="line111"></a>  goog.html.legacyconversions.throwIfConversionDisallowed_();
<a name="line112"></a>  return goog.html.legacyconversions.
<a name="line113"></a>      createSafeHtmlSecurityPrivateDoNotAccessOrElse_(html);
<a name="line114"></a>};
<a name="line115"></a>
<a name="line116"></a>
<a name="line117"></a>/**
<a name="line118"></a> * Performs an &quot;unchecked conversion&quot; from string to TrustedResourceUrl for
<a name="line119"></a> * legacy API purposes.
<a name="line120"></a> *
<a name="line121"></a> * Unchecked conversion will not proceed if ALLOW_LEGACY_CONVERSIONS is false,
<a name="line122"></a> * and instead this function unconditionally throws an exception.
<a name="line123"></a> *
<a name="line124"></a> * @param {string} url A string to be converted to TrustedResourceUrl.
<a name="line125"></a> * @return {!goog.html.TrustedResourceUrl} The value of url, wrapped in a
<a name="line126"></a> *     TrustedResourceUrl object.
<a name="line127"></a> */
<a name="line128"></a>goog.html.legacyconversions.trustedResourceUrlFromString = function(url) {
<a name="line129"></a>  goog.html.legacyconversions.throwIfConversionDisallowed_();
<a name="line130"></a>  return goog.html.legacyconversions.
<a name="line131"></a>      createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse_(url);
<a name="line132"></a>};
<a name="line133"></a>
<a name="line134"></a>
<a name="line135"></a>/**
<a name="line136"></a> * Performs an &quot;unchecked conversion&quot; from string to SafeUrl for legacy API
<a name="line137"></a> * purposes.
<a name="line138"></a> *
<a name="line139"></a> * Unchecked conversion will not proceed if ALLOW_LEGACY_CONVERSIONS is false,
<a name="line140"></a> * and instead this function unconditionally throws an exception.
<a name="line141"></a> *
<a name="line142"></a> * @param {string} url A string to be converted to SafeUrl.
<a name="line143"></a> * @return {!goog.html.SafeUrl} The value of url, wrapped in a SafeUrl
<a name="line144"></a> *     object.
<a name="line145"></a> */
<a name="line146"></a>goog.html.legacyconversions.safeUrlFromString = function(url) {
<a name="line147"></a>  goog.html.legacyconversions.throwIfConversionDisallowed_();
<a name="line148"></a>  return goog.html.legacyconversions.
<a name="line149"></a>      createSafeUrlSecurityPrivateDoNotAccessOrElse_(url);
<a name="line150"></a>};
<a name="line151"></a>
<a name="line152"></a>
<a name="line153"></a>/**
<a name="line154"></a> * Internal wrapper for the package-private
<a name="line155"></a> * goog.html.SafeHtml.createSafeHtml... function.
<a name="line156"></a> * @param {string} html A string to be converted to SafeHtml.
<a name="line157"></a> * @return {!goog.html.SafeHtml}
<a name="line158"></a> * @private
<a name="line159"></a> * @suppress {visibility} For access to SafeHtml.create...  Note that this
<a name="line160"></a> *     use is appropriate since this method is intended to be &quot;package private&quot;
<a name="line161"></a> *     within goog.html.  DO NOT call SafeHtml.create... from outside this
<a name="line162"></a> *     package; use appropriate wrappers instead.
<a name="line163"></a> */
<a name="line164"></a>goog.html.legacyconversions.createSafeHtmlSecurityPrivateDoNotAccessOrElse_ =
<a name="line165"></a>    function(html) {
<a name="line166"></a>  return goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse_(
<a name="line167"></a>      html, null);
<a name="line168"></a>};
<a name="line169"></a>
<a name="line170"></a>
<a name="line171"></a>/**
<a name="line172"></a> * Internal wrapper for the package-private
<a name="line173"></a> * goog.html.TrustedResourceUrl.createTrustedResourceUrl... function.
<a name="line174"></a> * @param {string} url A string to be converted to TrustedResourceUrl.
<a name="line175"></a> * @return {!goog.html.TrustedResourceUrl}
<a name="line176"></a> * @private
<a name="line177"></a> * @suppress {visibility} For access to TrustedResourceUrl.create...  Note that
<a name="line178"></a> *     this use is appropriate since this method is intended to be
<a name="line179"></a> *     &quot;package private&quot; within goog.html.  DO NOT call
<a name="line180"></a> *     TrustedResourceUrl.create... from outside this package; use appropriate
<a name="line181"></a> *     wrappers instead.
<a name="line182"></a> */
<a name="line183"></a>goog.html.legacyconversions.
<a name="line184"></a>    createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse_ = function(url) {
<a name="line185"></a>  return goog.html.TrustedResourceUrl
<a name="line186"></a>      .createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse_(url);
<a name="line187"></a>};
<a name="line188"></a>
<a name="line189"></a>
<a name="line190"></a>/**
<a name="line191"></a> * Internal wrapper for the package-private goog.html.SafeUrl.createSafeUrl...
<a name="line192"></a> * function.
<a name="line193"></a> * @param {string} url A string to be converted to TrustedResourceUrl.
<a name="line194"></a> * @return {!goog.html.SafeUrl}
<a name="line195"></a> * @private
<a name="line196"></a> * @suppress {visibility} For access to SafeUrl.create...  Note that this use
<a name="line197"></a> *     is appropriate since this method is intended to be &quot;package private&quot;
<a name="line198"></a> *     within goog.html.  DO NOT call SafeUrl.create... from outside this
<a name="line199"></a> *     package; use appropriate wrappers instead.
<a name="line200"></a> */
<a name="line201"></a>goog.html.legacyconversions.createSafeUrlSecurityPrivateDoNotAccessOrElse_ =
<a name="line202"></a>    function(url) {
<a name="line203"></a>  return goog.html.SafeUrl.createSafeUrlSecurityPrivateDoNotAccessOrElse_(url);
<a name="line204"></a>};
<a name="line205"></a>
<a name="line206"></a>
<a name="line207"></a>/**
<a name="line208"></a> * Checks whether legacy conversion is allowed. Throws an exception if not.
<a name="line209"></a> * @private
<a name="line210"></a> */
<a name="line211"></a>goog.html.legacyconversions.throwIfConversionDisallowed_ = function() {
<a name="line212"></a>  if (!goog.html.legacyconversions.ALLOW_LEGACY_CONVERSIONS) {
<a name="line213"></a>    throw Error(
<a name="line214"></a>        &#39;Error: Legacy conversion from string to goog.html types is disabled&#39;);
<a name="line215"></a>  }
<a name="line216"></a>};
</pre>


</body>
</html>
